Optimize bls12 381 pairing #923
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #923 +/- ##
==========================================
+ Coverage 70.96% 71.08% +0.11%
==========================================
Files 144 144
Lines 31672 31824 +152
==========================================
+ Hits 22477 22622 +145
- Misses 9195 9202 +7
☔ View full report in Codecov by Sentry.
pub fn miller( | ||
q: &ShortWeierstrassProjectivePoint<BLS12381TwistCurve>, | ||
p: &ShortWeierstrassProjectivePoint<BLS12381Curve>, | ||
) -> FieldElement<Degree12ExtensionField> { | ||
let mut r = q.clone(); | ||
let mut f = FieldElement::<Degree12ExtensionField>::one(); | ||
let mut miller_loop_constant = MILLER_LOOP_CONSTANT; | ||
let mut miller_loop_constant_bits: alloc::vec::Vec<bool> = alloc::vec![]; | ||
|
||
while miller_loop_constant > 0 { | ||
miller_loop_constant_bits.insert(0, (miller_loop_constant & 1) == 1); | ||
miller_loop_constant >>= 1; | ||
} | ||
|
||
for bit in miller_loop_constant_bits[1..].iter() { | ||
double_accumulate_line(&mut r, p, &mut f); | ||
if *bit { | ||
add_accumulate_line(&mut r, q, p, &mut f); | ||
} | ||
} | ||
f.conjugate() | ||
} | ||
#[allow(unused)] | ||
pub fn miller_optimized( | ||
q: &ShortWeierstrassProjectivePoint<BLS12381TwistCurve>, | ||
p: &ShortWeierstrassProjectivePoint<BLS12381Curve>, | ||
) -> FieldElement<Degree12ExtensionField> { | ||
let mut r = q.clone(); | ||
let mut f = FieldElement::<Degree12ExtensionField>::one(); | ||
X_BINARY.iter().skip(1).for_each(|bit| { | ||
double_accumulate_line(&mut r, p, &mut f); | ||
if *bit { | ||
add_accumulate_line(&mut r, q, p, &mut f); | ||
} | ||
}); | ||
|
||
f.conjugate() | ||
} |
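Review bot: the #[allow(unused)] on miller_optimized suggests the optimized loop is not called anywhere yet, and the attribute hides the warning that would say so, which lets the two loops drift apart unnoticed. Drop the attribute once the function is wired in, and add a test asserting that miller(q, p) and miller_optimized(q, p) agree on several points. X_BINARY.iter().skip(1) also relies on X_BINARY being the most-significant-bit-first expansion of MILLER_LOOP_CONSTANT with its leading bit set, which nothing in these lines checks; a test comparing X_BINARY with the bits derived in miller would pin that down. Neither function handles a neutral-element input in the lines shown, so if callers are expected to filter it out, state that precondition in a doc comment.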
Maybe we can just keep miller_optimized as miller and, if we need the old one for validation, call it miller_slow.
fn miller( | ||
q: &ShortWeierstrassProjectivePoint<BLS12381TwistCurve>, | ||
p: &ShortWeierstrassProjectivePoint<BLS12381Curve>, | ||
pub fn final_exponentiation( |
Similarly, if both implementations are essentially the same in intent, reserve the plain name for the fast version.
// Miller | ||
group.bench_function("Miller Naive", |bencher| { | ||
bencher.iter(|| black_box(miller(black_box(&a_g2), black_box(&a_g1)))) | ||
}); |
I believe this is no longer the naive version.
} | ||
|
||
#[allow(clippy::needless_range_loop)] |
This doesn't seem necessary.
BLS 12-381 pairing optimization
Description
This PR aims to improve the pairing for the BLS12-381 curve by using optimized operations.
Type of change
Benches
Actual
Ate pairing: 12.169 ms
Final exponentiation: 11.499 ms
New version
Ate pairing: 2.0644 ms
Final exponentiation: 1.0674 ms